Latest news with #Episource
Yahoo
16-07-2025
- Health
- Yahoo
5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed
When you buy through links on our articles, Future and its syndication partners may earn a commission. Hackers continue to go after healthcare-related businesses in their attacks and unfortunately, you could easily get caught up in the aftermath as the result of a data breach. Case in point, millions of Americans are now receiving data breach notifications in the mail following a cyberattack on a medical billing company earlier this year. As reported by BleepingComputer, back in January and early February, hackers stole the personal and medical information of 5.4 million people during a cyberattack at the American healthcare services company Episource. While you likely haven't heard of this company, which is owned by UnitedHealth Group's Optum subsidiary, it provides risk adjustment, medical coding, data analytics and other tech to healthcare providers. As a result, Episource often handles large troves of personal and medical data which makes it a valuable target for hackers and other cybercriminals. Now though, the company has begun notifying affected individuals that their personal and medical data could be in the hands of hackers. Here's everything you need to know about this major medical data breach along with what to do next and steps to help keep you safe from any follow-up attacks. Personal and medical data exposed The hackers behind this attack managed to gain access to Episource's systems at the beginning of the year and according to a data breach notice on its site, the breach likely occurred sometime between January 27th and February 6th. During that time, the hackers were able to view as well as steal copies of some data in the company's computer systems. While the exposed data varies from person to person, it may include one or more of the following: Full name Physical address Email address Phone number Insurance plan information Medicaid ID and information Medical record details Date of birth Social Security number Fortunately though, no banking or payment card information was exposed as a result of the breach. In a filing with the U.S. Department of Health and Human Service's Office for Civil Rights, Episource revealed that approximately 5,418,886 people are affected. The company began sending out data breach notifications to impacted individuals in April but as TechCrunch points out in a new report, additional notices have since been filed in California and Vermont and more people are now being notified in regard to this breach. How to stay safe after a data breach With patients' full names, addresses, emails, phone numbers, dates of birth and especially their Social Security numbers in hand, there's a whole lot that hackers can do. From committing fraud and even identity theft to launching targeted phishing attacks using this stolen data, those impacted by this breach are going to need to be extra careful when answering their phones, checking their mailboxes and looking at their email. Episource is taking steps to soften the blow of this breach by providing affected individuals with free access to the best identity theft protection services. In the company's data breach notification shared (PDF) with the Office of the Vermont Attorney General, it explained that people whose medical and personal data was exposed can sign up for credit monitoring and identity restoration services from IDX which can be done so online or over the phone. If you're worried that your personal data and medical info could have been exposed, you're going to want to keep a close eye on your mailbox. The reason being is that instead of over email, data breach notification letters are typically sent via traditional mail. This letter will have all the details on how to sign up for IDX's identity theft protection and credit monitoring. However, it will also let you know exactly what types of your data were exposed in this breach. At the same time, you may also want to freeze your credit since with all this sensitive data, hackers could try to take out loans in your name or commit other types of fraud. You're also going to want to be extra careful when dealing with text messages or emails from unknown senders since other cybercriminals with access to this data could try to launch follow-up attacks, likely in the form of phishing scams. Likewise, monitoring all of your financial accounts is highly recommended as fraud is a lot easier to deal with when you spot it early on. Now that hackers have made it a point to go after healthcare-related businesses and healthcare providers, hopefully the entire medical industry is working on strengthening their security. In the meantime though, you want to make sure that all of your devices are protected with the best antivirus software and that you're using strong and complex passwords for all of your accounts. By taking these steps and improving your own cyber hygiene, you'll be better prepared for when the next data breach happens. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. More from Tom's Guide Google Gemini flaw exploited to turn AI-powered email summaries into the perfect phishing tool Nearly 2 million people hit by malicious Chrome installations that can track you — what to do now This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don't fall for this Solve the daily Crossword
Tom's Guide
14-07-2025
- Health
- Tom's Guide
5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed
Hackers continue to go after healthcare-related businesses in their attacks and unfortunately, you could easily get caught up in the aftermath as the result of a data breach. Case in point, millions of Americans are now receiving data breach notifications in the mail following a cyberattack on a medical billing company earlier this year. As reported by BleepingComputer, back in January and early February, hackers stole the personal and medical information of 5.4 million people during a cyberattack at the American healthcare services company Episource. While you likely haven't heard of this company, which is owned by UnitedHealth Group's Optum subsidiary, it provides risk adjustment, medical coding, data analytics and other tech to healthcare providers. As a result, Episource often handles large troves of personal and medical data which makes it a valuable target for hackers and other cybercriminals. Now though, the company has begun notifying affected individuals that their personal and medical data could be in the hands of hackers. Here's everything you need to know about this major medical data breach along with what to do next and steps to help keep you safe from any follow-up attacks. The hackers behind this attack managed to gain access to Episource's systems at the beginning of the year and according to a data breach notice on its site, the breach likely occurred sometime between January 27th and February 6th. During that time, the hackers were able to view as well as steal copies of some data in the company's computer systems. While the exposed data varies from person to person, it may include one or more of the following: Fortunately though, no banking or payment card information was exposed as a result of the breach. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. In a filing with the U.S. Department of Health and Human Service's Office for Civil Rights, Episource revealed that approximately 5,418,886 people are affected. The company began sending out data breach notifications to impacted individuals in April but as TechCrunch points out in a new report, additional notices have since been filed in California and Vermont and more people are now being notified in regard to this breach. With patients' full names, addresses, emails, phone numbers, dates of birth and especially their Social Security numbers in hand, there's a whole lot that hackers can do. From committing fraud and even identity theft to launching targeted phishing attacks using this stolen data, those impacted by this breach are going to need to be extra careful when answering their phones, checking their mailboxes and looking at their email. Episource is taking steps to soften the blow of this breach by providing affected individuals with free access to the best identity theft protection services. In the company's data breach notification shared (PDF) with the Office of the Vermont Attorney General, it explained that people whose medical and personal data was exposed can sign up for credit monitoring and identity restoration services from IDX which can be done so online or over the phone. If you're worried that your personal data and medical info could have been exposed, you're going to want to keep a close eye on your mailbox. The reason being is that instead of over email, data breach notification letters are typically sent via traditional mail. This letter will have all the details on how to sign up for IDX's identity theft protection and credit monitoring. However, it will also let you know exactly what types of your data were exposed in this breach. At the same time, you may also want to freeze your credit since with all this sensitive data, hackers could try to take out loans in your name or commit other types of fraud. You're also going to want to be extra careful when dealing with text messages or emails from unknown senders since other cybercriminals with access to this data could try to launch follow-up attacks, likely in the form of phishing scams. Likewise, monitoring all of your financial accounts is highly recommended as fraud is a lot easier to deal with when you spot it early on. Now that hackers have made it a point to go after healthcare-related businesses and healthcare providers, hopefully the entire medical industry is working on strengthening their security. In the meantime though, you want to make sure that all of your devices are protected with the best antivirus software and that you're using strong and complex passwords for all of your accounts. By taking these steps and improving your own cyber hygiene, you'll be better prepared for when the next data breach happens.
Yahoo
14-07-2025
- Health
- Yahoo
Episource is notifying millions of people that their health data was stolen
Medical billing giant Episource is notifying millions of people across the United States that their personal and health information was stolen in a cyberattack earlier this year. The breach affects more than 5.4 million people, according to a listing with the U.S. Department of Health and Human Services, making it one of the largest healthcare breaches of the year so far. Episource, owned by health insurance giant UnitedHealth Group's subsidiary Optum, provides billing adjustment to the doctors, hospitals, and other organizations that work in the healthcare industry. As such, the company handles large amounts of patients' personal and medical data to process claims through their health insurance. In notices filed in California and Vermont on Friday, Episource said a criminal was able to 'see and take copies' of patient and member data from its systems during the weeklong breach ending February 6. The stolen information includes personal information, such as names, postal and email addresses, and phone numbers, as well as protected health data, including medical record numbers, and data relating to doctors, diagnoses, medications, test results, imaging, care, and other treatment. The stolen data also contains health insurance information, like health plans, policies, and member numbers. Episource did not describe the nature of the incident, but Sharp Healthcare, one of the companies that works with Episource and was affected by the cyberattack, told its customers that the Episource hack was caused by ransomware. This is the latest cybersecurity incident to hit UnitedHealth in recent years. Change Healthcare, one of the largest companies in the U.S. healthcare industry that processes billions of health transactions each year, was hacked by a ransomware gang in February 2024, leading to the theft of more than 190 million Americans' personal and health information. The cyberattack was the largest healthcare data breach in U.S. history. Several months later, UnitedHealth's Optum unit left an internal chatbot used by employees to ask about claims exposed to the internet. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
TechCrunch
14-07-2025
- Health
- TechCrunch
Episource is notifying millions of people that their health data was stolen
Medical billing giant Episource is notifying millions of people across the United States that their personal and health information was stolen in a cyberattack earlier this year. The breach affects more than 5.4 million people, according to a listing with the U.S. Department of Health and Human Services, making it one of the largest healthcare breaches of the year so far. Episource, owned by health insurance giant UnitedHealth Group's subsidiary Optum, provides billing adjustment to the doctors, hospitals, and other organizations that work in the healthcare industry. As such, the company handles large amounts of patients' personal and medical data to process claims through their health insurance. In notices filed in California and Vermont on Friday, Episource said a criminal was able to 'see and take copies' of patient and member data from its systems during the weeklong breach ending February 6. The stolen information includes personal information, such as names, postal and email addresses, and phone numbers, as well as protected health data, including medical record numbers, and data relating to doctors, diagnoses, medications, test results, imaging, care, and other treatment. The stolen data also contains health insurance information, like health plans, policies, and member numbers. Episource did not describe the nature of the incident, but Sharp Healthcare, one of the companies that works with Episource and was affected by the cyberattack, told its customers that the Episource hack was caused by ransomware. This is the latest cybersecurity incident to hit UnitedHealth in recent years. Change Healthcare, one of the largest companies in the U.S. healthcare industry that processes billions of health transactions each year, was hacked by a ransomware gang in February 2024, leading to the theft of more than 190 million Americans' personal and health information. The cyberattack was the largest healthcare data breach in U.S. history. Several months later, UnitedHealth's Optum unit left an internal chatbot used by employees to ask about claims exposed to the internet.
Fox News
01-07-2025
- Health
- Fox News
5.4 million patient records exposed in healthcare data breach
Print Close By Kurt Knutsson, CyberGuy Report Published June 28, 2025 Over the past decade, software companies have built solutions for nearly every industry, including healthcare. One term you might be familiar with is software as a service (SaaS), a model by which software is accessed online through a subscription rather than installed on individual machines. In healthcare, SaaS providers are now a common part of the ecosystem. But, recently, many of them have made headlines for the wrong reasons. Several data breaches have been traced back to vulnerabilities at these third-party service providers. The latest incident comes from one such firm, which has now confirmed that hackers stole the health information of over 5 million people in the United States during a cyberattack in January. Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. ASCENSION HEALTHCARE DATA BREACH EXPOSES 430,000 PATIENT RECORDS SaaS firm leads to major healthcare blunder Episource, a big name in healthcare data analytics and coding services, has confirmed a major cybersecurity incident (via Bleeping Computer ). The breach involved sensitive health information belonging to over 5 million people in the United States. The company first noticed suspicious system activity Feb. 6, 2025, but the actual compromise began ten days earlier. An internal investigation revealed that hackers accessed and copied private data between Jan. 27 and Feb. 6. The company insists that no financial information was taken, but the stolen records do include names, contact details, Social Security numbers, Medicaid IDs and full medical histories. Episource claims there's no evidence the information has been misused, but because they haven't seen the fallout yet doesn't mean it isn't happening. Once data like this is out, it spreads fast, and the consequences don't wait for official confirmation. OVER 8 MILLION PATIENT RECORDS LEAKED IN HEALTHCARE DATA BREACH Why healthcare SaaS is a growing target The healthcare industry has embraced cloud-based services to improve efficiency, scale operations and reduce overhead. Companies like Episource enable healthcare payers to manage coding and risk adjustment at a much larger scale. But this shift has also introduced new risks. When third-party vendors handle patient data, the security of that data becomes dependent on their infrastructure. Healthcare data is among the most valuable types of personal information for hackers. Unlike payment card data, which can be changed quickly, medical and identity records are long-term assets on the dark web. These breaches can lead to insurance fraud, identity theft and even blackmail. Episource is not alone in facing this kind of attack. In the past few years, several healthcare SaaS providers have faced breaches, including Accellion and Blackbaud. These incidents have affected millions of patients and have led to class-action lawsuits and stricter government scrutiny. WHAT IS ARTIFICIAL INTELLIGENCE (AI)? 5.5 MILLION PATIENTS EXPOSED BY MAJOR HEALTHCARE DATA BREACH 5 ways you can protect yourself from healthcare data breach If your information was part of the healthcare breach or any similar one, it's worth taking a few steps to protect yourself. 1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it's crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it's compromised. See my tips and best picks on how to protect yourself from identity theft. 2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you. One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 3. Have strong antivirus software: Hackers have people's email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you're not careful. However, you're not without defenses. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices . 4. Enable two-factor authentication: While passwords weren't part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data. 5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. WINDOWS 10 SECURITY FLAWS LEAVE MILLIONS VULNERABLE Kurt's key takeaways What makes this breach especially alarming is that many of the affected patients may have never even heard of Episource. As a business-to-business vendor, Episource operates in the background, working with insurers and healthcare providers, not with patients directly. The people affected were customers of those companies, yet it's their most sensitive data now at risk because of a third party they never chose or trusted. This kind of indirect relationship muddies the waters when it comes to responsibility and makes it even harder to demand transparency or hold anyone accountable. CLICK HERE TO GET THE FOX NEWS APP Do you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Ask Kurt a question or let us know what stories you'd like us to cover Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved. Print Close URL
